Updated: 2025-12-11 11:52:37.836149
Description:
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | python3.11 | 3.11.2 | 7.8 | HIGH | Released | CLSA-2025:1740479778 | 2025-02-26 07:09:00 | |
| AlmaLinux 9.2 ESU | python3 | 3.9.16 | 7.8 | HIGH | Released | CLSA-2024:1720547879 | 2024-07-09 14:24:56 | |
| CentOS 6 ELS | python | 2.6.6 | 7.8 | HIGH | Not Vulnerable | 2025-06-12 00:53:20 | ||
| CentOS 7 ELS | python | 2.7.5 | 7.8 | HIGH | Not Vulnerable | 2025-06-12 00:53:19 | ||
| CentOS 7 ELS | python3 | 3.6.8 | 7.8 | HIGH | Released | CLSA-2024:1720548714 | 2024-07-23 17:19:27 | |
| CentOS 8.4 ELS | python3 | 3.6.8 | 7.8 | HIGH | Released | CLSA-2024:1720178532 | 2024-07-05 10:17:11 | |
| CentOS 8.4 ELS | python2 | 2.7.18 | 7.8 | HIGH | Not Vulnerable | 2024-07-03 11:22:59 | ||
| CentOS 8.5 ELS | python2 | 2.7.18 | 7.8 | HIGH | Not Vulnerable | 2024-07-03 11:22:59 | ||
| CentOS 8.5 ELS | python3 | 3.6.8 | 7.8 | HIGH | Released | CLSA-2024:1720548691 | 2024-07-09 14:24:56 | |
| CentOS Stream 8 ELS | python2 | 2.7.18 | 7.8 | HIGH | Not Vulnerable | 2024-07-17 05:37:35 |